samba - Jul 2002 - integrate print with windows, print administration from w2K/NT

Hi list, I'm working on a RH 7.2 non intel system which I'd like to do 
printserving for windows clients.  I'm using samba 2.2.5-1 installed via 
RPM.  Ideally the print administrator would manage access to the 
print-queues remotely from his win2k box.

Am I understanding correctly, that if I hand-off user/group checks to 
winbind in my nsswitch.conf, that NT groups can be enforced without 
jumping through hoops on the linux system?  So that print admin can 
restrict access to some printers based on already established NT groups?

Can print admin manage the actual samba print shares from his win2k 
box?  Am I looking at swat here?

Also, print admin needs to be able to reroute print queues to a 
different printer without losing jobs in queue, so the print jobs can go 
to a printer at a different ip while the original destination of the 
queue gets serviced.  Best I can think of right now is firing up 
printconf, modifying the ip address for the queue and restarting lpd.  
So the queue names stay the same and nothing in samba changes, only the 
destination ip of the print queue changes without jobs getting lost... 
but is there a better way?  If they print to an alias for a queue and 
the alias gets switched to point to a different queue, do jobs already 
sitting in the queue get redirected appropriately?  Or is there a better 
way 1 or 2?

I'm still taking baby steps, haven't yet added a machine account for the
linux server yet, but I have user authentication to the NT PDC (assuming 
account exists on linux), and am able to send print to linux, which 
pushes it to jetdirect networked printers.  From what I've read, looks 
like for winbind I will need to have NT Admin add machine account to 
PDC.  Or is there a way to experiment with winbind without bothering NT 
admins yet?

How much will lack of broadcast hurt?  I use a point to point gateway 
interface, and nmbd would die with the required netmask of 
255.255.255.255 so I had to fake the interface netmask (I used /24).  
Tests at http://us1.samba.org/samba/docs/DIAGNOSIS.html that rely on 
broadcast fail as you'd expect
TEST 6:
# nmblookup -d 2 '*'
added interface ip=a.b.c.d bcast=a.b.c.255 nmask=255.255.255.0
querying * on a.b.c.255
name_query failed to find name *

TEST 10:
# nmblookup -M THE_DOM
querying THE_DOM on a.b.c.255
name_query failed to find name THE_DOM#1d

I just want to make sure I don't bark up any wrong trees.  Thanks to 
anyone who takes the time to answer anything,
~ Daniel

On Tue, 16 Jul 2002 daniel.jarboe@custserv.com wrote:
> Am I understanding correctly, that if I hand-off user/group checks to
> winbind in my nsswitch.conf, that NT groups can be enforced without
> jumping through hoops on the linux system?  So that print admin can
> restrict access to some printers based on already established NT groups?
> 
Yes.
> Can print admin manage the actual samba print shares from his win2k 
> box?  Am I looking at swat here?
To a certain extent.  There are two levels of management here.  The 
Windows printer settings and the lpd/cups/lprng/etc... queues.
Printer admin gives you the abilility to do the former.  Root is normally 
required for the latter (unless there is a print system specific way to 
delegate authority).














cheers, jerry
 ---------------------------------------------------------------------
 Hewlett-Packard                                     http://www.hp.com
 SAMBA Team                                       http://www.samba.org
 --                                            http://www.plainjoe.org
 "Sam's Teach Yourself Samba in 24 Hours" 2ed.      ISBN
0-672-32269-2
 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--